HIPAA & BAA · Work management / spreadsheets
Is Smartsheet HIPAA compliant?
Conditionally. Smartsheet offers a HIPAA BAA, but only Enterprise-plan customers using its 'PHI Eligible Services' may upload PHI.
Key facts
- BAA available: Conditionally — on specific plans
- What it takes: Enterprise plan (PHI Eligible Services)
- Official source: Smartsheet — HIPAA Business Associate Agreement — https://www.smartsheet.com/legal/hipaa-baa (verified 2026-06)
How to use Smartsheet in a HIPAA-compliant way
- Be on the Smartsheet Enterprise plan (the only PHI-eligible tier).
- Contact your Smartsheet account manager or submit the Smartsheet for Healthcare request.
- Execute the Smartsheet HIPAA Business Associate Agreement.
- Restrict PHI to the designated PHI Eligible Services and configure access controls.
- Follow the Smartsheet HIPAA Implementation Guide for compliant configuration.
Important caveats
- Only the Enterprise plan qualifies — Pro, Business, and trial plans are not PHI-eligible.
- PHI may only be placed in 'PHI Eligible Services'; some features are excluded from the BAA scope.
- Compliance is a shared-responsibility model — the BAA covers Smartsheet's obligations, not your usage.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Smartsheet correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Smartsheet.
Frequently asked questions
Does Smartsheet sign a BAA?
On specific plans. Enterprise plan (PHI Eligible Services) A signed BAA is required before any PHI is involved.
Is Smartsheet HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Smartsheet offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Smartsheet with PHI?
Only the Enterprise plan qualifies — Pro, Business, and trial plans are not PHI-eligible.
